Read about leveraging Host Information Profile (HIP) to prevent insecure hosts from accessing your network. Kiwi goes in depth about the ins and outs of Host Information Profiles, how they work with GlobalProtect, and how to access this technology. Got questions? Get answers on LIVEcommunity.
You may have configured the strictest rules on your corporate network border, but if you allow insecure hosts on your network, then you might as well just throw your firewall in the trash.
Today’s mobile workforce often requires access to corporate resources from external locations, such as airports, coffee shops, hotels, and from a variety of endpoints—both company-provisioned and personal. This means you must logically extend your network’s security to your endpoints to ensure security enforcement.
What is Host Information Profile (HIP)?
The Host Information Profile (HIP) feature allows you to collect information about the security status of your endpoints and to base the decision to allow or deny access to a specific host on its adherence to the host policies you define.
How does HIP work exactly?
The GlobalProtect app collects information about the host it is running on. The app then submits this host information to the GlobalProtect gateway upon successful connection. The gateway matches this raw host information submitted by the app against any HIP objects and the HIP profiles that you have defined. If it finds a match, it generates an entry in the HIP match log. Additionally, if it finds a HIP profile match in a policy rule, it enforces the corresponding security policy.
This enables granular security that ensures the remote hosts accessing your network resources are adequately maintained and adhere to your security standards before they are allowed access. For instance, you could enforce that endpoints have a minimum version of anti-virus software installed before they are allowed access to your resources.
HIP objects and HIP profiles
You define which host attributes you are interested in monitoring and/or using for policy enforcement by creating HIP objects and HIP profiles on the gateway(s).
HIP objects are the criteria used to filter, from the raw data reported by the app, the host information you are interested in using to enforce policy.
HIP Object Creation
A HIP Profile is a collection of HIP objects that are evaluated together, either for monitoring or for security policy enforcement.
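The matching flow described above (raw host report, HIP objects, HIP profile, match log, policy decision) can be modeled in a few lines. This is an added example, not Palo Alto Networks code or the PAN-OS implementation; the report layout, object names, profile name and the "all objects must match" rule are assumptions made for illustration.

```python
# Simplified model of gateway-side HIP evaluation (not PAN-OS code).
# All field names and the report layout are assumptions for illustration.

def parse_version(text):
    """Turn '10.2.1' into (10, 2, 1). As strings, '9.8' sorts above '10.0'."""
    return tuple(int(part) for part in text.split("."))

def av_min_version(minimum):
    """HIP object: anti-virus is installed and its version is >= minimum."""
    def check(report):
        av = report.get("anti_virus")
        if not av:
            return False  # no data reported never matches (fail closed)
        try:
            return parse_version(av["version"]) >= parse_version(minimum)
        except (KeyError, ValueError):
            return False  # unparseable or missing version is a non-match
    return check

def disk_encrypted(report):
    """HIP object: the host reports an encrypted system drive."""
    return report.get("disk_encryption", {}).get("state") == "encrypted"

HIP_OBJECTS = {"av-current": av_min_version("10.0"), "disk-enc": disk_encrypted}

# HIP profile: HIP objects evaluated together (here, all must match).
HIP_PROFILES = {"compliant-laptop": ["av-current", "disk-enc"]}

def evaluate(report):
    """Return (HIP match log entries, access decision) for one host report."""
    matched = {name for name, check in HIP_OBJECTS.items() if check(report)}
    log = [("object", name) for name in sorted(matched)]
    profiles = [p for p, needed in HIP_PROFILES.items() if set(needed) <= matched]
    log += [("profile", p) for p in profiles]
    # Policy rule: only hosts matching the profile reach internal resources.
    decision = "allow" if "compliant-laptop" in profiles else "deny"
    return log, decision

# Constructed sample reports, as an app might submit them after connecting.
GOOD = {"host": "lt-01", "anti_virus": {"version": "10.2"},
        "disk_encryption": {"state": "encrypted"}}
OLD_AV = {"host": "lt-02", "anti_virus": {"version": "9.8"},
          "disk_encryption": {"state": "encrypted"}}
NO_DATA = {"host": "byod-03"}

if __name__ == "__main__":
    for report in (GOOD, OLD_AV, NO_DATA):
        print(report["host"], *evaluate(report))
```

Note that the host with the outdated anti-virus still produces a match log entry for the disk encryption object, so it remains visible for monitoring even though the policy denies it.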